Open schneems opened 7 years ago
Instead of doing this on a customer's app we can copy their config to another app and run ci:
heroku sudo api get /pipelines/<their-pipeline>/stage/test/config-vars -v 3.pipeline | heroku api patch /pipelines/<your-pipeline>/stage/test/config-vars -v 3.pipelines
Like
heroku sudo api get /pipelines/<their-pipeline>/stage/test/config-vars -v 3.pipeline | heroku api patch /pipelines/c396ba24-a49a-4d11-b43f-0a50d5ac0fdb/stage/test/config-vars -v 3.pipelines
This didn't work because it copied over database url values which rails (thank goodness) won't let you blow away the entire contents of a database with a thing like rake db:schema:load
.
I'm not quite sure how we should tackle this one. Since CI depends on Pipelines and GitHub Sync, there is quite a few API calls that have to happen. GitHub Sync does not support sudo and we have to be careful about how we add support for that. Since we have need to interact with the GitHub API using customer GitHub tokens, there are security concerns that I don't think we can just bypass. We have been talking on the team about how to tackle this to lessen our support burden of our services.
Currently if you try to sudo into a
ci:debug
instance, it will not sudo you onto a pipeline as well:Then if you do sudo yourself into the app, it can still fail
If you try to do this manually you can run into the issue of hitting limits: